From 3ff3cfd51caf605092b6f8018f7ab37913775613 Mon Sep 17 00:00:00 2001
From: Stephan Schellworth <s.schellworth@valueon.ch>
Date: Fri, 30 Jan 2026 11:34:35 +0100
Subject: [PATCH] feat(realestate): RBAC catalog, template roles sync, instance
 role access rules

---
 app.py                                        | 11 -----------
 modules/features/realEstate/mainRealEstate.py | 10 ++++++----
 2 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/app.py b/app.py
index cfcc3c62..00b0e9f2 100644
--- a/app.py
+++ b/app.py
@@ -286,16 +286,6 @@ instanceLabel = APP_CONFIG.get("APP_ENV_LABEL")
 async def lifespan(app: FastAPI):
     logger.info("Application is starting up")
 
-<<<<<<< HEAD
-    # --- Register RBAC catalog for features (moved here from loadFeatureRouters for single-pass loading) ---
-    try:
-        from modules.security.rbacCatalog import getCatalogService
-        from modules.system.registry import registerAllFeaturesInCatalog
-        catalogService = getCatalogService()
-        registerAllFeaturesInCatalog(catalogService)
-    except Exception as e:
-        logger.warning(f"Could not register feature RBAC catalog: {e}")
-=======
     # Bootstrap database if needed (creates initial users, mandates, roles, etc.)
     # This must happen before getting root interface
     from modules.security.rootAccess import getRootDbAppConnector
@@ -306,7 +296,6 @@ async def lifespan(app: FastAPI):
         logger.info("Bootstrap check completed")
     except Exception as e:
         logger.warning(f"Bootstrap check failed (may already be initialized): {str(e)}")
->>>>>>> f6f41e2 (feat: extract bzo information)
 
     # Get event user for feature lifecycle (system-level user for background operations)
     rootInterface = getRootInterface()
diff --git a/modules/features/realEstate/mainRealEstate.py b/modules/features/realEstate/mainRealEstate.py
index 37b34ee9..1b15d0b7 100644
--- a/modules/features/realEstate/mainRealEstate.py
+++ b/modules/features/realEstate/mainRealEstate.py
@@ -165,11 +165,13 @@ def _syncTemplateRolesToDb() -> int:
         from modules.datamodels.datamodelRbac import Role, AccessRule, AccessRuleContext
 
         rootInterface = getRootInterface()
+        db = rootInterface.db
 
-        # Get existing template roles (Pydantic models)
-        existingRoles = rootInterface.getRolesByFeatureCode(FEATURE_CODE)
-        templateRoles = [r for r in existingRoles if r.mandateId is None]
-        existingRoleLabels = {r.roleLabel: str(r.id) for r in templateRoles}
+        existingRoles = db.getRecordset(
+            Role,
+            recordFilter={"featureCode": FEATURE_CODE, "mandateId": None}
+        )
+        existingRoleLabels = {r.get("roleLabel"): r.get("id") for r in existingRoles}
 
         createdCount = 0
         for roleTemplate in TEMPLATE_ROLES: